mirror of
https://github.com/MariaDB/server.git
synced 2025-07-30 16:24:05 +03:00
WL#1339 "Add per account max_user_connections limit (maximum number
of concurrent connections for the same account)"
Added support of account specific max_user_connections limit. Made all
user limits to be counted per account instead of the old behavior,
which was per user/host accounting. Added option which enables the old
behavior. Added testing of these to the test suite.
(After review version).
client/mysqltest.c:
Extended mysqltest to be able to handle connect() statements for which
error is expected.
- Added replace_dynstr_append() utility function.
- added connect_n_handle_errors() function which connects with server
without retries and handles errors as if "connect" was usual
statement.
- do_connect(): added ability to handle connects which are expected
to return an error.
- run_query_normal(): Moved all expected-error-handling code to separate
normal_handle_error()/normal_handle_no_error() functions to be able
to reuse them in connect_n_handle_errors().
mysql-test/r/grant.result:
Fixed test results since one more column to mysql.user was added.
mysql-test/r/system_mysql_db.result:
Fixed test results since one more column to mysql.user was added.
scripts/mysql_create_system_tables.sh:
Added max_user_connections column to mysql.user table for storing
new maximal concurrent connections per account limit.
scripts/mysql_fix_privilege_tables.sql:
Added max_user_connections column to mysql.user table for storing
new maximal concurrent connections per account limit.
sql/lex.h:
Added MAX_USER_CONNECTIONS symbol used for specifying
maximum number of concurrent connections per account.
sql/mysql_priv.h:
Added declaration of opt_old_style_user_limits variable which is defined
in sql/mysqld.cc used in sql/sql_parse.cc.
sql/mysqld.cc:
Added "old-style-user-limits" option which forces user limits to behave
in old way i.e. to be counted per user/host pair instead of per account.
Added comment describing mqh_used variable.
sql/set_var.cc:
Added sys_var_max_user_conn class which implements support for the new
behavior of max_user_connections variable. Now the global instance of
this variable holds default maximum number of concurrent connections per
account (as it was before) and the session instance gives read-only
access to account-specific version of this limit.
sql/set_var.h:
Added sys_var_max_user_conn class which implements support for the new
behavior of max_user_connections variable. Now the global instance of
this variable holds default maximum number of concurrent connections per
account (as it was before) and the session instance gives read-only
access to account-specific version of this limit.
sql/sql_acl.cc:
Added support for account-specific MAX_USER_CONNECTIONS limit.
Tweaked USER_RESOURCES and their handling for better clarity.
sql/sql_parse.cc:
Added support for account-specific MAX_USER_CONNECTIONS (maximum number
of concurrent connections per account) limit. Changed default behavior
of all user limits to be per account instead of per user+host.
'--old-style-user-limits' option was added to enable the old behavior.
Made maximum number of connections per hour to be independant on the
value of global max_user_connections variable.
sql/sql_yacc.yy:
Added support of new MAX_USER_CONNECTIONS limit to grammar.
Renamed USER_RESOURCES::connections member to conn_per_hour and bits
member to specified_limits. Also enum is used instead of naked numbers
when we are working with specified_limits.
sql/structs.h:
USER_RESOURCES struct:
- Added user_conn member to store the maximum number of concurrent
connections for an account. Renamed connections member to
conn_per_hour for less ambiguity.
- Renamed member 'bits' to 'specified_limits' for the sake of clarity.
The member was used as a flag indicating which limits were mentioned
in GRANT clause.
- Added comments.
USER_CONN struct:
- Removed unused user_len member.
- Added comments.
This commit is contained in:
unknown
@ -10,8 +10,8 @@ GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' REQUIRE CIPHER 'EDH-RSA-DES-CBC3
|
||||
GRANT SELECT ON `mysqltest`.* TO 'mysqltest_1'@'localhost'
|
||||
grant delete on mysqltest.* to mysqltest_1@localhost;
|
||||
select * from mysql.user where user="mysqltest_1";
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections
|
||||
localhost mysqltest_1 N N N N N N N N N N N N N N N N N N N N N 0 0 0
|
||||
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections
|
||||
localhost mysqltest_1 N N N N N N N N N N N N N N N N N N N N N 0 0 0 0
|
||||
show grants for mysqltest_1@localhost;
|
||||
Grants for mysqltest_1@localhost
|
||||
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost' REQUIRE CIPHER 'EDH-RSA-DES-CBC3-SHA'
|
||||
|
||||
@ -96,6 +96,7 @@ user CREATE TABLE `user` (
|
||||
`max_questions` int(11) unsigned NOT NULL default '0',
|
||||
`max_updates` int(11) unsigned NOT NULL default '0',
|
||||
`max_connections` int(11) unsigned NOT NULL default '0',
|
||||
`max_user_connections` int(11) unsigned NOT NULL default '0',
|
||||
PRIMARY KEY (`Host`,`User`)
|
||||
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='Users and global privileges'
|
||||
show create table func;
|
||||
|
||||
89
mysql-test/r/user_limits.result
Normal file
89
mysql-test/r/user_limits.result
Normal file
@ -0,0 +1,89 @@
|
||||
drop table if exists t1;
|
||||
create table t1 (i int);
|
||||
delete from mysql.user where user like 'mysqltest\_%';
|
||||
delete from mysql.db where user like 'mysqltest\_%';
|
||||
delete from mysql.tables_priv where user like 'mysqltest\_%';
|
||||
delete from mysql.columns_priv where user like 'mysqltest\_%';
|
||||
flush privileges;
|
||||
grant usage on *.* to mysqltest_1@localhost with max_queries_per_hour 2;
|
||||
select * from t1;
|
||||
i
|
||||
select * from t1;
|
||||
i
|
||||
select * from t1;
|
||||
ERROR 42000: User 'mysqltest_1' has exceeded the 'max_questions' resource (current value: 2)
|
||||
select * from t1;
|
||||
ERROR 42000: User 'mysqltest_1' has exceeded the 'max_questions' resource (current value: 2)
|
||||
drop user mysqltest_1@localhost;
|
||||
grant usage on *.* to mysqltest_1@localhost with max_updates_per_hour 2;
|
||||
select * from t1;
|
||||
i
|
||||
select * from t1;
|
||||
i
|
||||
select * from t1;
|
||||
i
|
||||
delete from t1;
|
||||
delete from t1;
|
||||
delete from t1;
|
||||
ERROR 42000: User 'mysqltest_1' has exceeded the 'max_updates' resource (current value: 2)
|
||||
select * from t1;
|
||||
i
|
||||
delete from t1;
|
||||
ERROR 42000: User 'mysqltest_1' has exceeded the 'max_updates' resource (current value: 2)
|
||||
select * from t1;
|
||||
i
|
||||
drop user mysqltest_1@localhost;
|
||||
grant usage on *.* to mysqltest_1@localhost with max_connections_per_hour 2;
|
||||
select * from t1;
|
||||
i
|
||||
select * from t1;
|
||||
i
|
||||
connect(localhost,mysqltest_1,,test,MYSQL_PORT,MYSQL_SOCK);
|
||||
ERROR 42000: User 'mysqltest_1' has exceeded the 'max_connections' resource (current value: 2)
|
||||
select * from t1;
|
||||
i
|
||||
connect(localhost,mysqltest_1,,test,9306,/home/dlenev/src/mysql-5.0-1339/mysql-test/var/tmp/master.sock);
|
||||
ERROR 42000: User 'mysqltest_1' has exceeded the 'max_connections' resource (current value: 2)
|
||||
drop user mysqltest_1@localhost;
|
||||
flush privileges;
|
||||
grant usage on *.* to mysqltest_1@localhost with max_user_connections 2;
|
||||
select * from t1;
|
||||
i
|
||||
select * from t1;
|
||||
i
|
||||
connect(localhost,mysqltest_1,,test,MYSQL_PORT,MYSQL_SOCK);
|
||||
ERROR 42000: User 'mysqltest_1' has exceeded the 'max_user_connections' resource (current value: 2)
|
||||
select * from t1;
|
||||
i
|
||||
grant usage on *.* to mysqltest_1@localhost with max_user_connections 3;
|
||||
select * from t1;
|
||||
i
|
||||
connect(localhost,mysqltest_1,,test,MYSQL_PORT,MYSQL_SOCK);
|
||||
ERROR 42000: User 'mysqltest_1' has exceeded the 'max_user_connections' resource (current value: 3)
|
||||
drop user mysqltest_1@localhost;
|
||||
select @@session.max_user_connections, @@global.max_user_connections;
|
||||
@@session.max_user_connections @@global.max_user_connections
|
||||
0 0
|
||||
set session max_user_connections= 2;
|
||||
ERROR HY000: Variable 'max_user_connections' is a GLOBAL variable and should be set with SET GLOBAL
|
||||
set global max_user_connections= 2;
|
||||
select @@session.max_user_connections, @@global.max_user_connections;
|
||||
@@session.max_user_connections @@global.max_user_connections
|
||||
2 2
|
||||
grant usage on *.* to mysqltest_1@localhost;
|
||||
select @@session.max_user_connections, @@global.max_user_connections;
|
||||
@@session.max_user_connections @@global.max_user_connections
|
||||
2 2
|
||||
select * from t1;
|
||||
i
|
||||
connect(localhost,mysqltest_1,,test,MYSQL_PORT,MYSQL_SOCK);
|
||||
ERROR 42000: User mysqltest_1 has already more than 'max_user_connections' active connections
|
||||
grant usage on *.* to mysqltest_1@localhost with max_user_connections 3;
|
||||
select @@session.max_user_connections, @@global.max_user_connections;
|
||||
@@session.max_user_connections @@global.max_user_connections
|
||||
3 2
|
||||
connect(localhost,mysqltest_1,,test,MYSQL_PORT,MYSQL_SOCK);
|
||||
ERROR 42000: User 'mysqltest_1' has exceeded the 'max_user_connections' resource (current value: 3)
|
||||
set global max_user_connections= 0;
|
||||
drop user mysqltest_1@localhost;
|
||||
drop table t1;
|
||||
153
mysql-test/t/user_limits.test
Normal file
153
mysql-test/t/user_limits.test
Normal file
@ -0,0 +1,153 @@
|
||||
#
|
||||
# Test behavior of various per-account limits (aka quotas)
|
||||
#
|
||||
|
||||
# Prepare play-ground
|
||||
--disable_warnings
|
||||
drop table if exists t1;
|
||||
--enable_warnings
|
||||
create table t1 (i int);
|
||||
# Just be sure that nothing will bother us
|
||||
delete from mysql.user where user like 'mysqltest\_%';
|
||||
delete from mysql.db where user like 'mysqltest\_%';
|
||||
delete from mysql.tables_priv where user like 'mysqltest\_%';
|
||||
delete from mysql.columns_priv where user like 'mysqltest\_%';
|
||||
flush privileges;
|
||||
|
||||
# Test of MAX_QUERIES_PER_HOUR limit
|
||||
grant usage on *.* to mysqltest_1@localhost with max_queries_per_hour 2;
|
||||
connect (mqph, localhost, mysqltest_1,,);
|
||||
connection mqph;
|
||||
select * from t1;
|
||||
select * from t1;
|
||||
--error 1226
|
||||
select * from t1;
|
||||
connect (mqph2, localhost, mysqltest_1,,);
|
||||
connection mqph2;
|
||||
--error 1226
|
||||
select * from t1;
|
||||
# cleanup
|
||||
connection default;
|
||||
drop user mysqltest_1@localhost;
|
||||
disconnect mqph;
|
||||
disconnect mqph2;
|
||||
|
||||
# Test of MAX_UPDATES_PER_HOUR limit
|
||||
grant usage on *.* to mysqltest_1@localhost with max_updates_per_hour 2;
|
||||
connect (muph, localhost, mysqltest_1,,);
|
||||
connection muph;
|
||||
select * from t1;
|
||||
select * from t1;
|
||||
select * from t1;
|
||||
delete from t1;
|
||||
delete from t1;
|
||||
--error 1226
|
||||
delete from t1;
|
||||
select * from t1;
|
||||
connect (muph2, localhost, mysqltest_1,,);
|
||||
connection muph2;
|
||||
--error 1226
|
||||
delete from t1;
|
||||
select * from t1;
|
||||
# Cleanup
|
||||
connection default;
|
||||
drop user mysqltest_1@localhost;
|
||||
disconnect muph;
|
||||
disconnect muph2;
|
||||
|
||||
# Test of MAX_CONNECTIONS_PER_HOUR limit
|
||||
grant usage on *.* to mysqltest_1@localhost with max_connections_per_hour 2;
|
||||
connect (mcph1, localhost, mysqltest_1,,);
|
||||
connection mcph1;
|
||||
select * from t1;
|
||||
connect (mcph2, localhost, mysqltest_1,,);
|
||||
connection mcph2;
|
||||
select * from t1;
|
||||
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
||||
--error 1226
|
||||
connect (mcph3, localhost, mysqltest_1,,);
|
||||
# Old connection is still ok
|
||||
select * from t1;
|
||||
# Let us try to close old connections and try again. This will also test that
|
||||
# counters are not thrown away if there are no connections for this user.
|
||||
disconnect mcph1;
|
||||
disconnect mcph2;
|
||||
--error 1226
|
||||
connect (mcph3, localhost, mysqltest_1,,);
|
||||
# Cleanup
|
||||
connection default;
|
||||
drop user mysqltest_1@localhost;
|
||||
|
||||
# Test of MAX_USER_CONNECTIONS limit
|
||||
# We need this to reset internal mqh_used variable
|
||||
flush privileges;
|
||||
grant usage on *.* to mysqltest_1@localhost with max_user_connections 2;
|
||||
connect (muc1, localhost, mysqltest_1,,);
|
||||
connection muc1;
|
||||
select * from t1;
|
||||
connect (muc2, localhost, mysqltest_1,,);
|
||||
connection muc2;
|
||||
select * from t1;
|
||||
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
||||
--error 1226
|
||||
connect (muc3, localhost, mysqltest_1,,);
|
||||
# Closing of one of connections should help
|
||||
disconnect muc1;
|
||||
connect (muc3, localhost, mysqltest_1,,);
|
||||
select * from t1;
|
||||
# Changing of limit should also help (and immediately)
|
||||
connection default;
|
||||
grant usage on *.* to mysqltest_1@localhost with max_user_connections 3;
|
||||
connect (muc4, localhost, mysqltest_1,,);
|
||||
connection muc4;
|
||||
select * from t1;
|
||||
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
||||
--error 1226
|
||||
connect (muc5, localhost, mysqltest_1,,);
|
||||
# Clean up
|
||||
connection default;
|
||||
disconnect muc2;
|
||||
disconnect muc3;
|
||||
disconnect muc4;
|
||||
drop user mysqltest_1@localhost;
|
||||
|
||||
# Now let us test interaction between global and per-account
|
||||
# max_user_connections limits
|
||||
select @@session.max_user_connections, @@global.max_user_connections;
|
||||
# Local max_user_connections variable can't be set directly
|
||||
# since this limit is per-account
|
||||
--error 1229
|
||||
set session max_user_connections= 2;
|
||||
# But it is ok to set global max_user_connections
|
||||
set global max_user_connections= 2;
|
||||
select @@session.max_user_connections, @@global.max_user_connections;
|
||||
# Let us check that global limit works
|
||||
grant usage on *.* to mysqltest_1@localhost;
|
||||
connect (muca1, localhost, mysqltest_1,,);
|
||||
connection muca1;
|
||||
select @@session.max_user_connections, @@global.max_user_connections;
|
||||
connect (muca2, localhost, mysqltest_1,,);
|
||||
connection muca2;
|
||||
select * from t1;
|
||||
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
||||
--error 1203
|
||||
connect (muca3, localhost, mysqltest_1,,);
|
||||
# Now we are testing that per-account limit prevails over gloabl limit
|
||||
connection default;
|
||||
grant usage on *.* to mysqltest_1@localhost with max_user_connections 3;
|
||||
connect (muca3, localhost, mysqltest_1,,);
|
||||
connection muca3;
|
||||
select @@session.max_user_connections, @@global.max_user_connections;
|
||||
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
|
||||
--error 1226
|
||||
connect (muca4, localhost, mysqltest_1,,);
|
||||
# Cleanup
|
||||
connection default;
|
||||
disconnect muca1;
|
||||
disconnect muca2;
|
||||
disconnect muca3;
|
||||
set global max_user_connections= 0;
|
||||
drop user mysqltest_1@localhost;
|
||||
|
||||
# Final cleanup
|
||||
drop table t1;
|
||||
Reference in New Issue
Block a user